Post #1 Student name Rachel
The article I chose this week to summarize is “US Turning Up the Heat on North Korea’s Cyber Threat Operations” by Jai Vijayan posted on 9/16/2019. Link: https://www.darkreading.com/attacks-breaches/us-turning-up-the-heat-on-north-koreas-cyber-threat-operations/d/d-id/1335819
The article discusses three North Korean state-sponsored malicious cyber groups that were sanctioned by the U.S. government. The announcement of sanctions included specific campaigns, attacks, and actions that the U.S. government has attributed to the three groups. Many security experts are viewing the sanctions as necessary, but likely futile in their attempt to slow down the hacking activity in North Korea.
The US Department of Treasury announced the sanctions against the Lazarus Group and two of its subgroups, Bluenoroff and Andariel. The groups are thought to be directly working for the Reconnaissance General Bureau (RGB), North Korea’s primary intelligence agency that supports the country’s missile and weapon programs. The Lazarus Group is best known for its involvement in the WannaCry 2.0 attacks. Bluenoroff is thought to have been established to earn money for North Korea’s government by hacking other countries’ banks. Andariel’s mission is also financially centered, but the group focuses on bank card theft and ATM hacking. The sanctions prohibit all dealings between the US and its businesses with the three threat groups (and any entities believed associated with them), and they put restrictions on any properties or deals the groups have in the US. The article quotes Chris Roberts, a chief strategist at Attivo Networks, who says that sanctions, in general, are ineffective and laughable, and he gives the example of the US sanctions on North Korea relating to its nuclear program. Chris points out that their business is to break the law, so telling the groups to stop is not very effective. The article concludes by discussing current threat activity discovered by Prevailion, a security vendor, who observed a recent expansion of a North Korean threat campaign targeting US organizations. The campaign is called Autumn Aperture. Recently the threat actors have been attaching their malware to legitimate documents discussing North Korean nuclear deterrence and sending them out as attachments to targeted recipients.
The big question this article raises is whether the sanctions will have any deterrent impact, considering the targeted groups are not based in the US nor do they have any meaningful assets that can be taken there. In this week’s reading by Davis, he points out that the idea that adversaries can be persuaded not to do something by deterrent threats alone is naive; there should be additional factors at work. Relating to Chris’ comment, Reveron mentions that the new logic for deterrence flows from the realization that the Cold War deterrence was formulated for conditions that no longer exist and that it is essential to disentangle the general principles of deterrence from those that happened in this specific event. Reveron also mentions that the model of deterrence now faces serious problems with respect to uncertainty of an attack, identity of the attacker, and finding value important to the attacker to hold at risk. For the article this week, the identity of the group is known but not the individual players. The groups are associated with particular cybercrimes, but the exact attacks are unknown until they have occurred. The biggest issue, though, is that the US sanctions to prohibit all dealings with these three groups do not seem to be that valuable to the attacker to hold them at risk.
Post #2 student name Walid
The article that I will review this week is titled “Russian Hackers Are Using ‘Tainted’ Leaks to Sow Disinformation”. The article was published on 25th May 2017 on the Wired.com website and is available at https://www.wired.com/2017/05/russian-hackers-usin…
The article touches on a rather sensitive issue that relates to interstate wars and conflict in cyberspace. The article specifically highlighted a strategy by a Russian hacker group that is targeting to hack into systems of government institutions in other countries in order to retrieve sensitive information that they use to expose malpractices in government dealings in the target country. What is interesting is that, in addition to exposing the legitimate information, the article claims that these same hackers are planting disinformation in order to taint the image more or discredit more the targeted agency or individuals. This is particularly happening when the target agency is for a government that Russia considers as a rival in one way or another, for instance the United States and France. These activities, according to this article, are carried out with backing of the Russian government. While the article was published in 2017, it only highlights what is currently the phenomenon that characterizes rivalry between nation-states, which is expected to become more intensive in the future.
Readings this week were focused on discussing the aspect of cyber deterrence as a strategy for combating the rising cases of cyberwars between nation states, as highlighted above. Deterrence as an approach to cybersecurity is being advocated by some quarters as a workable solution that can be borrowed from the Cold War era. It basically entails making a potential adversary believe that the cost of carrying out an attack is far higher than the benefits that can be derived. Emilio Iasiello and Paul Davis in their separate articles highlight two main approaches to deterrence, which are deterrence by punishment and deterrence by denial. Going back to our article, we can identify that deterrence can work well as a strategy for combating the Russian hacker group by making it believe the cost of carrying out attacks for the purpose of exposing embarrassing information of the target country is higher than the value they would derive from such exposure. The most practical aspect of deterrence in such a case is employing very strong defenses that cannot be easily circumvented by attackers.
Derek Reveron looks at deterrence mainly from the perspective of a nation placing punitive retaliatory measures as a strategy of deterring an enemy from attempting to attack its cyber resources. In this case the fear of retaliation becomes a cause for a nation state to stop any attempts to attack a rival nation state, in the same way the strategy worked during the Cold War era. What we can learn from this approach is that its application in the cyber realms can be quite difficult, as highlighted by Martin Libicki’s article, given that cyberattacks, unlike kinetic warfare, are not limited by geographic boundaries or political standing. Attacks in cyberspace can be launched from the weakest nation in the world targeting the strongest nation-state. Combining this with the fact that the source of cyberattacks is more difficult to determine makes deterrence a less attractive approach. However, deterrence through denial seems a more acceptable approach because a nation state is made to rely on its ability to create and apply defenses in its systems to keep the enemy at bay.